Skip to content
Pentecost season

Legal

Privacy Policy

Last updated: June 1, 2026

1. Who we are

Theologos Media (“Theologos”, “we”, “us”) operates the website at theologosmedia.com. The site is operated by Garces Bros. Studios. For privacy questions, contact christiangarces@gmail.com.

2. What we collect

The categories of personal information we may collect:

  • Account information. When you create a member account, we collect your email address and (optionally) a display name. Authentication is handled by Supabase. Passwords are hashed; we never see the cleartext.
  • Payment information. Membership upgrades and hoodie pre-orders are processed by Stripe. We never see or store your card number; Stripe handles the entire payment flow and returns only a customer ID + subscription / order metadata.
  • Newsletter subscription. If you sign up for our newsletter, your email address is stored in MailerLite.
  • Analytics events. With your consent, we use Google Analytics 4 to record which pages you read, how long you stay, where you arrived from, and basic device / locale information. We do not record passwords, payment information, or message contents.
  • Advertising signals. With your consent, we use Google Ads and Meta Pixel to measure ad campaign performance and (separately) to show you tailored advertisements on Google and Meta surfaces.
  • Member-generated content. Notes, highlights, bookmarks, badges, and (if you become a contributor) article drafts are stored under your account.

3. Why we collect it

We use this information for:

  • Operating the site and your account (essential)
  • Processing payments and shipping pre-orders
  • Sending the newsletter you subscribed to
  • Understanding what content readers find valuable so we can improve the editorial library (analytics)
  • Measuring whether advertising campaigns reach the people we think they should reach (advertising measurement)
  • With your separate consent, showing you advertisements tailored to your interests on Google and Meta (personalized advertising / remarketing)

4. Legal basis (GDPR readers)

Under the EU/UK General Data Protection Regulation, our legal bases are:

  • Performance of a contract for account, payment, and pre-order processing
  • Legitimate interest for security, fraud prevention, and aggregate operational metrics
  • Consentfor analytics, advertising measurement, and personalized advertising — managed through the cookie consent banner on first visit. You can withdraw consent at any time from the “Cookie preferences” link in the footer.

5. Who we share it with

We use the following third-party processors. Each runs under its own privacy terms (linked):

  • Supabase (authentication, member database) — privacy
  • Sanity.io (CMS for editorial content) — privacy
  • Stripe (payments) — privacy
  • MailerLite (newsletter) — privacy
  • Netlify (hosting) — privacy
  • Google (Analytics, Ads) — only with your consent — privacy
  • Meta (Facebook, Instagram) — only with your consent — privacy

We do not sell your personal information for money. Under California law (CCPA/CPRA), targeted advertising may be treated as a “sale” or “share” even without money changing hands — if you live in California, you can opt out by selecting “Essential only” or by toggling off “Advertising” categories in the cookie banner.

6. How long we keep it

  • Account information — for as long as your account exists, plus 30 days after deletion (for fraud / dispute resolution).
  • Newsletter — until you unsubscribe.
  • Analytics events — Google Analytics retention is set to 14 months.
  • Payment records — 7 years (tax / accounting requirement).

7. Your rights

Depending on where you live, you may have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correct — update inaccurate information.
  • Delete— ask us to delete your account and associated data (we cannot delete records we're legally required to retain, like payment receipts).
  • Withdraw consent — change your cookie preferences at any time from the footer link.
  • Object to processing / opt out of sale— applies in California and EU/UK. Use the “Essential only” option in the cookie banner, or contact us directly.
  • Data portability — request your data in a machine-readable format.

To exercise any of these rights, email christiangarces@gmail.com with the subject line “Privacy request”.

8. Children

Theologos Media is intended for adult readers. We do not knowingly collect personal information from children under 13 (under 16 in the EU / UK). If you believe we have, contact us and we will delete the information.

9. International transfers

Our processors (Supabase, Sanity, Stripe, MailerLite, Netlify, Google, Meta) operate globally and may process your data outside your country of residence, including in the United States. Where required, we rely on Standard Contractual Clauses or the EU-US Data Privacy Framework for these transfers.

10. Security

We use HTTPS site-wide, hash all passwords, run row-level security on member data in Supabase, and apply rate limiting to authentication endpoints. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

11. Changes to this policy

We may update this policy as our practices evolve. The “Last updated” date at the top reflects the most recent change. Material changes will be announced via newsletter (if you've subscribed) and via a banner on the site.

12. Cookie details

For specific cookie categories, durations, and purposes, see our cookie policy.